Privacy Policy

At Sourcefit, we prioritize the protection of personal data and uphold the rights and interests of data subjects (owners of Personal Identifiable Information). We recognize the value of Personal Identifiable Information (PII) entrusted to us and are committed to managing and safeguarding it responsibly. This Privacy Policy outlines how we collect, use, and share personal information when you visit our website, www.sourcefit.com (referred to as the “Site”).

DATA SUBJECTS AND RIGHTS

We guarantee that you feel secure knowing that we will handle your information with utmost care. Our privacy controls adhere to various applicable data privacy regulations, ensuring the protection of personal data collected, used, and stored in our systems. We have mapped out these regulations to cover extensive areas and have formulated solutions to address any unique requirements.

INFORMATION WE COLLECT, USE, AND WHY

Your Personal identifiable information (PII) is crucial to our business operations, and we handle it with care to deliver services efficiently. PII may be collected and used by our support services team for various purposes, including employee compensation, access management, and business development.

We may collect the following types of information.

Please note that customer information of our client partners is managed exclusively by them, ensuring control and compliance with privacy regulations. We do not store client information but facilitate its use within client systems as needed.

Website Information Collection

When you visit our website, we collect device information such as browser details, IP addresses, and cookies. Contact information is collected through contact forms for communication purposes.

Processing

We ensure PII processed is adequate, relevant, and not excessive, considering the intended purpose.

Data Privacy Principles and Legislative Requirements

We adhere to principles of transparency, legitimate purpose, and proportionality in processing PII, ensuring fair and lawful practices.

Consent

Informed and active consent is obtained before data collection, with consent forms utilized whenever possible.

Transparency

We obtain consent before processing PII and inform data subjects of the purpose, risks, safeguards, and rights associated with data processing.

Privacy Impact and Risks

Privacy Impact Assessments and Risk Analysis are conducted periodically and before implementing new processes or technologies involving PII.

Legitimate Purpose

Our PII processing aligns with declared purposes and legal requirements.

Retention

We retain your PII for specified periods based on regulatory requirements and necessity, ensuring proper disposal afterward. In compliance with prevailing regulatory requirements, we may retain PII for up to 5 years, however; retention and disposal o sensitive information may require further consent from data subjects.

Proportionality

We collect only necessary information for specified purposes with consent.

Disposal

Records and documents are disposed of properly according to retention schedules. Clients have control over the disposal of customer information stored in their portals.

Security Measures

PII is securely stored in databases managed by the Company’s Information Technology department. We maintain appropriate technical, physical, and organizational security measures to safeguard your information. These measures are regularly reviewed and updated to align with regulatory standards and technological advancements. These controls include, and is not limited to:

To learn more about these measures and how PII is secured, please get in touch with our Data Protection Officer

Data Classification

To sustain our efforts of protecting PII, the following data classification is implemented:

Public

Information intended and released for public use

Examples

Business Confidential

Information that may be shared only within Sourcefit

Examples

Confidential

High-risk information that requires strict controls

Examples

Classified

High-risk information that requires strict controls

Examples

To The following controls are implemented per category:

Activity

Printing

Mailing Paper Based-Info

Storing electronic files on work or personal computer (including portable devices)

Sharing files with authorized individuals

Engaging vendors to store/process data

Business Confidential

Do not leave unattended on printer trays or bins

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive)

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended

Confidential

Do not leave unattended on printer trays or bins

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive)

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended

Classified

Never print unless there is explicit approval

Never mail

Never store out of client systems or portals

Never share

Written contracts are strongly recommended

Note: This applies to internal records and records that are shared with third parties and vendors.

Restriction On Sharing PII And Marketing Use

Sharing PII

We restrict the sharing of PII with third parties unless it is necessary for the fulfillment of contractual obligations or required by law. Any sharing of PII is done with utmost caution, ensuring that appropriate safeguards are in place to protect the data.

Marketing

We will not use your PII for profiling or marketing purposes unless a legitimate purpose is established, or explicit consent is obtained from you. Legitimate purposes may include providing relevant information about our products or services that are directly related to your interests or needs.

Data Subject Requests And Incident Management

Exercising Data Subject Rights

You may engage our Data Protection Officer (DPO) to exercise your rights data privacy rights. Whether it involves accessing information, rectifying inaccuracies, objecting to processing, or requesting data erasure, our DPO facilitates these requests promptly and transparently. You may fill out the Data Subject Action Request Form (https://forms.office.com/r/zR5p32wTHf) to send your requests to the DPO.

Reporting Incidents

In the event of a data privacy incident or breach, you may report it directly to our DPO. Our DPO oversees incident response procedures, ensuring timely assessment, mitigation, and reporting in compliance with regulatory requirements.

Our Data Protection Officer

Our Data Protection Officer (DPO) oversees all data privacy matters, managing the Data Privacy Program, responding to inquiries, identifying risks, and ensuring compliance. 

To contact our DPO, email [email protected].

Our Data Privacy Compliance

Sourcefit have successfully complied with the Data Protection Officer and Personal Information Controller Registration Requirements of the National Privacy Commission of the Philippines, in accordance with NPC Circular No. 16-03. Our registration is valid until July 5, 2024. You may scan the QR code to get more information about our registration details.

Privacy Preference Center

Thank You

The form was sent successfully.